---
# Define resources for this group of hosts here.
csi_primary_contact: mote admins - sysadmin-mote-members@fedoraproject.org
csi_purpose: Hosts services which help facilitate communication over IRC and related mediums.
csi_relationship: |
  There are a couple things running here.

  * zodbot, a supybot instance.  See the zodbot SOP for more info.
  * fedmsg-irc, our fedmsg to IRC relay.  'journalctl -u fedmsg-irc'
  * mote, a webapp running behind httpd that serves meetbot log files.
# For the MOTD
csi_security_category: Moderate
custom_rules: [
  # Needed for rsync from log01 for logs.
  '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
  # Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here
  '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5050 -j ACCEPT',
  # batcave01 also needs access to announce commits.
  '-A INPUT -p tcp -m tcp -s 10.3.163.35 --dport 5050 -j ACCEPT']
deployment_type: prod
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
  - can_send:
      - logger.log
    group: sysadmin
    owner: root
    service: shell
  - can_send:
      # cookies!
      - irc.karma
      # standard meetbot stuff
      - meetbot.meeting.complete
      - meetbot.meeting.start
      - meetbot.meeting.topic.update
      # meetbot line items
      - meetbot.meeting.item.agreed
      - meetbot.meeting.item.accepted
      - meetbot.meeting.item.rejected
      - meetbot.meeting.item.action
      - meetbot.meeting.item.info
      - meetbot.meeting.item.idea
      - meetbot.meeting.item.help
      - meetbot.meeting.item.link
    group: daemon
    owner: root
    service: supybot
ipa_client_shell_groups:
  - fi-apprentice
  - sysadmin-mote
  - sysadmin-noc
  - sysadmin-veteran
  - sysadmin-web
ipa_client_sudo_groups:
  - sysadmin-mote
  - sysadmin-web
ipa_host_group: value
ipa_host_group_desc: "Value added: IRC bots, message logging, etc."
lvm_size: 30000
mem_size: 6144
num_cpus: 2
primary_auth_source: ipa
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [80, 443,
  # These 16 ports are used by fedmsg.  One for each wsgi thread.
  3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
